Email Template


λ

Oct 11, 2021, 2:19:41 AM
to Wazuh mailing list
Good day!

Is there a way to pretty print the formatting of emails sent via Wazuh?

Screenshot 2021-10-11 081831.png

This is a bit hard to parse as a human and I know management will complain about the formatting.

Thanks for the assistance!

antonio....@wazuh.com

Oct 11, 2021, 2:58:15 AM
to Wazuh mailing list

Hi Shadowedr

At this moment, email alerts cannot be configured without editing the source code.

Alternatively, you can use a custom integration (I recommend having a look at this blog post) and use a Python script that gets the alerts and sends them.

In the manager you need to add these lines to the configuration:

  <integration>
    <name>custom-email-alerts</name>
    <hook_url>emailre...@example.com</hook_url>
    <level>10</level>
    <group>multiple_drops|authentication_failures</group>
    <alert_format>json</alert_format>
  </integration>

The python script has to be in a specific path (/var/ossec/integrations/custom-email-alert) and with the proper permissions. You can use these commands to set the permissions and the owner.

chmod 750 /var/ossec/integrations/custom-email-alerts.py
chown root:ossec /var/ossec/integrations/custom-email-alerts.py

The script is attached

custom-email-alert.py

Mario Esteves

Dec 9, 2022, 10:04:56 PM
to Wazuh mailing list
Sorry for my bad English

To customize the notification emails and make them less technical, use the .py file that you can download from this message.

I made some corrections and modifications, since it sends the email in JSON format (unpleasing to look at) and I formatted it to HTML with the help of a Python library. To do this, they must use the Python installed by Wazuh (not the one installed in the operating system) and execute /var/ossec/framework/python/bin/python3 -m pip install json2html

They should also comment out (or delete) the configuration lines for the alerts by e-mail in the Wazuh configuration and add those of the integrator that are mentioned above.

That and a bit of CSS and HTML, and you can have a more user-friendly view for your SOC staff.
custom-email-alert.py
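
An added example, not part of the original thread and not the attached custom-email-alert.py: one way a custom integration script can turn the JSON alert into an HTML email with only the Python standard library, escaping alert fields because they carry log content from untrusted sources. It assumes integratord passes the alert file path as the first argument and the `hook_url` value as the third; the sender address, SMTP relay and sample alert are constructed.

```python
import html
import json
import smtplib
import sys
from email.message import EmailMessage

# Constructed sample alert; the log line and description are attacker-influenced.
SAMPLE_ALERT = {
    "rule": {"level": 10, "description": "sshd: brute force\r\nattempt",
             "groups": ["authentication_failures"]},
    "agent": {"name": "web01"},
    "full_log": "Failed password for <script>alert(1)</script> from 203.0.113.5",
}

def flatten(obj, prefix=""):
    """Yield (dotted.key, value) pairs from a nested alert."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from flatten(value, f"{prefix}[{i}]")
    else:
        yield prefix, obj

def alert_to_html(alert):
    """Render the alert as a table, escaping every key and value."""
    rows = "".join(
        f"<tr><th align='left'>{html.escape(k)}</th><td>{html.escape(str(v))}</td></tr>"
        for k, v in flatten(alert))
    return f"<html><body><table border='1' cellpadding='4'>{rows}</table></body></html>"

def build_message(alert, sender, recipient):
    rule = alert.get("rule", {})
    # Header values must not contain CR/LF; log-derived text may.
    desc = " ".join(str(rule.get("description", "")).split())
    msg = EmailMessage()
    msg["Subject"] = f"Wazuh alert level {rule.get('level', '?')}: {desc}"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content(json.dumps(alert, indent=2))  # plain-text fallback
    msg.add_alternative(alert_to_html(alert), subtype="html")
    return msg

if __name__ == "__main__":
    # Assumed: integratord passes alert file, api_key, hook_url; sender and relay are examples.
    with open(sys.argv[1]) as fh:
        alert = json.load(fh)
    with smtplib.SMTP("localhost", 25) as smtp:
        smtp.send_message(build_message(alert, "wazuh@example.com", sys.argv[3]))
```
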

José Raeiro

Apr 14, 2023, 5:26:45 AM
to Wazuh mailing list
>  They should also comment (or delete) the configuration lines of the alerts by e-mail from the Wazuh configuration 

You mean configuring ossec.conf like this:

<email_notification>no</email_notification>

?